Create directories ru/en/de and copy there plans of lessons. In ru-directory i put english files for translate them in future.
git-svn-id: http://webgoat.googlecode.com/svn/trunk/webgoat@421 4033779f-a91e-0410-96ef-6bf7bf53c507
This commit is contained in:
white.tiger.russia@gmail.com
16
src/main/webapp/lesson_plans/ru/Phishing.html
Normal file
16
src/main/webapp/lesson_plans/ru/Phishing.html
Normal file
@ -0,0 +1,16 @@
|
||||
<div align="Center">
|
||||
<p><b>Lesson Plan Title:</b> Phishing with XSS </p>
|
||||
</div>
|
||||
<p><b>Concept / Topic To Teach:</b> </p>
|
||||
<!-- Start Instructions -->
|
||||
It is always a good practice to validate all input on the server side.
|
||||
XSS can occur when unvalidated user input is used in an HTTP response.
|
||||
With the help of XSS you can do a Phishing Attack and add content to a page
|
||||
which looks official. It is very hard for a victim to determinate
|
||||
that the content is malicious.
|
||||
<!-- Stop Instructions -->
|
||||
<p><b>General Goal(s):</b> </p>
|
||||
The user should be able to add a form asking for username
|
||||
and password. On submit the input should be sent
|
||||
to http://localhost/WebGoat/catcher?PROPERTY=yes &user=catchedUserName&password=catchedPasswordName
|
||||
|
||||
Reference in New Issue
Block a user